How do I put % in a format string?

How do I put % in a format string?

For example I want this to work:
>>> sql_template="""SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%V'"""
>>> sql_template % 'userdef103'
Traceback (most recent call last):
  File "<interactive input>", line 1, in ?
TypeError: not enough arguments for format string

--
Gregory Piñero
Chief Innovation Officer
Blended Technologies
(www.blendedtechnologies.com)
Oct 5 '06 #1
Gregory Piñero wrote:
How do I put % in a format string?

For example I want this to work:
>>> sql_template="""SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%V'"""
>>> sql_template % 'userdef103'
Traceback (most recent call last):
  File "<interactive input>", line 1, in ?
TypeError: not enough arguments for format string

Put it immediately after the string:

sql_template="""SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%V'""" % 'userdef103'

But I think SQL has other recommended methods. At least with SQLite, it
is recommended you not use Python's %s formatter but instead the "?"
formatter.
Oct 5 '06 #2
Thanks guys, putting it twice is all it took!
Oct 5 '06 #3
On Thu, 2006-10-05 at 16:15, John Salerno wrote:
But I think SQL has other recommended methods. At least with SQLite, it
is recommended you not use Python's %s formatter but instead the "?"
formatter.

While I wholeheartedly agree with the sentiment, calling the "?" a
formatter only blurs the already blurred distinction between string
formatting and parameter passing. The "?" is a parameter placeholder.

I'm not gonna go into the reasons for why one should always use
parametrized queries instead of rolling queries via string formatting,
but the keywords are "SQL injection attack" and "poor performance". I
would like to point out, though, that parameter passing in DB-API
compliant database access modules is in general very different from
string formatting.

In most databases, when you say cur.execute("update sometable set
somecolumn = ? where somekey = ?", ("spam", "eggs")), the database
driver does *not* build a query string with string literals for "spam"
and "eggs" substituted into the query. Real databases have a native API
that allows passing a parametrized query and a set of parameter
bindings, no string substitution required or desired.

Some databases do not have such an API, and their respective DB-API
modules emulate parameter passing by string substitution, but that is an
implementation detail nobody should care about. However, it is precisely
those databases that blur the distinction between parameter passing and
string substitution, especially because their implementations tend to
use "%s" parameter placeholders to make the internal string substitution
easier, thus leaking an implementation detail into application code in
an unfortunate way. (This is also the reason why I'd like to see %s
parameter placeholders banned from future versions of the DB-API spec.)

The bottom line is, when writing parametrized queries, the "?" or "%s"
or whatever is used to indicate that "here be parameters" is a parameter
placeholder, not a formatter.

Thanks for listening, I hope somebody out there finds this helpful ;)

-Carsten
Oct 5 '06 #4
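
An added example, not part of the thread: the lookup from the original question written both ways with Python's sqlite3 module, whose placeholder style is "?". The table contents, the function names and the escape_like helper are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows (ENTRY, FIELDNAME) for the thread's LOOKUP table.
ROWS = [("a", "userdef103_V"), ("b", "userdef103xV"),
        ("c", "userdef999_V"), ("d", "internal")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE LOOKUP (ENTRY TEXT, FIELDNAME TEXT)")
    conn.executemany("INSERT INTO LOOKUP VALUES (?, ?)", ROWS)
    return conn


def lookup_formatted(conn, prefix):
    # String formatting: "%%" yields the literal "%" the question asked for,
    # but `prefix` is pasted into the statement and parsed as SQL text.
    sql = "SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE '%s%%V'" % prefix
    return sorted(row[0] for row in conn.execute(sql))


def escape_like(value, esc="\\"):
    # Binding keeps the value out of the SQL grammar, but "%" and "_" inside
    # it would still act as LIKE wildcards unless they are escaped.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value


def lookup_bound(conn, prefix):
    # "?" is a parameter placeholder: the whole pattern is passed as data,
    # so no "%%" doubling is needed and quotes in `prefix` stay inert.
    sql = "SELECT ENTRY FROM LOOKUP WHERE FIELDNAME LIKE ? ESCAPE '\\'"
    pattern = escape_like(prefix) + "%V"
    return sorted(row[0] for row in conn.execute(sql, (pattern,)))


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR 1=1 --"  # constructed input containing a quote
    for name, fn in (("formatted", lookup_formatted), ("bound", lookup_bound)):
        print(name, fn(conn, "userdef103"), fn(conn, hostile))
```

With the quote-bearing input the formatted version returns every row in the table, while the bound version returns nothing because the input is only ever compared as a pattern.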
On 10/5/06, Gregory Piñero <gr********@gmail.com> wrote:
Thanks guys, putting it twice is all it took!

This rule holds true for a lot of string formatting conventions. (such
as in regexes)
-- Theerasak
Oct 6 '06 #5
Carsten Haese wrote:
While I wholeheartedly agree with the sentiment, calling the "?" a
formatter only blurs the already blurred distinction between string
formatting and parameter passing. The "?" is a parameter placeholder.

Yeah, you're right. I was actually raising an eyebrow as I typed
"formatter", because I wasn't sure what to call it. :)
Oct 6 '06 #6
